Networking solution

[Finalbarrage2]

We are currently installing internett in a brand new 3 story apartment, and i wonder what the best solution is. 

 

The building is 3 stories tall, each story has their own individual appartment, and all we have is a router in the first story. I suggested we purchase two more routers, one in each of the two other apparments, and connect them in serie with a ethernet cable. That way they all have a strong wifi signal, and all have the ability to do their own routing in their own appartment using ethernet cables. Is this a good solution?

[manikyath]

3 ISP internet connections, 3 modems (one in each appartment), 3 entirely seperate networks.

 

thats the only way this can be done sensibly.

[Finalbarrage2]

We want everything on the same network though to save money. Why should we not do this?

[Finalbarrage2]

This was my idea. Orange is the main routing, and green is whatever they wanna do in their own appartment.

[Finalbarrage2]

Whops, here it is

[Donut417]

Issue you will have is multiple layers of NAT if your use the Internet port on the 2 and 3rd router. Also, If I was renting a place, Id want my own internet connection. Just saying. 

[Finalbarrage2]

We have a 150/150 connection, i dont think sharing will be a problem

[AshleyAshes]

If you're all going to do this as if it was one home then the solution is quite simple.  Drill through the floor and run ethernet cables.  Install switches on each floor as needed and if additionally needed, access points.

[Donut417]

4 hours ago, Finalbarrage2 said:

We have a 150/150 connection, i dont think sharing will be a problem

ITs not about that. Its about NAT. Many pieces of software hate NAT to begin with. The person on the third floor can have 3 layers of NAT to do with. He will have to port forward thru all the routers to reach the internet properly, if they need to port forward. Things like game systems hate NAT as well. 

 

Now if your treating this as one home do what @AshleyAshes suggested. Because using multiple routers is a port forwarding nightmare. 

[AshleyAshes]

3 minutes ago, Donut417 said:

ITs not about that. Its about NAT. Many pieces of software hate NAT to begin with. The person on the third floor can have 3 layers of NAT to do with. He will have to port forward thru all the routers to reach the internet properly, if they need to port forward. Things like game systems hate NAT as well. 

 

Now if your treating this as one home do what @AshleyAshes suggested. Because using multiple routers is a port forwarding nightmare. 

Not to mention the challenges of QoS and if I was sharing the internet between 3 different apartments, QoS would a major concern.  If I had to deal with bad YouTube access on the 3rd floor because someone on the 2nd floor was reinstalling GTA5 via Steam, I'd be pretty annoyed.

[dalekphalm]

On 01/08/2017 at 4:38 AM, Finalbarrage2 said:

Whops, here it is

IF you are dead set on doing this, you need to rethink the layout.

 

You should feed it like so:

 

ISP main line comes in: ISP Modem

Then, a main router (Or if the Modem is a Modem/Router combo box)

Then, three ethernet cables feed DIRECTLY to each Router, in each apartment - the orange cables go from the modem to each unit directly - NOT daisy chained, like you've got.

 

But honestly, this will likely be a bad setup in either case. Dual NAT is gonna be annoying, unless the tenant simply does Facebook and nothing else. QoS (Quality of Service) is gonna be a nightmare too, since each tenant won't have their own dedicated lines - what John does in Apt #1 will directly affect the experience that Stephanie has in Apt #2.

 

Ideally, get the ISP to install a direct line to each apartment, and simply have the Tenant pay for their own internet. You might be on the hook for installation fees, but that's it.

 

If the ISP runs Coax Cable Internet, it'll be easier for them to install three separate "lines". They might even be able to do it off of one single line coming in. You should ask them and find out the process.

[AshleyAshes]

Wait, here's an important question: Are these apartments being used by one group?  Like, are you part of a group of friends all getting a bunch of apartments and sharing your internet?  Or are you a landlord providing internet access to your units?  Because obviously if all three apartments are inhabited by total strangers, the network considerations would be different since tenets would not want other tenets accessing their network shares or even really being on the same network or other possible complications.  These are two pretty distinct scenarios in my opinion, can you clarify which this is?

[Finalbarrage2]

You say an alternative is to use swiches in each appartment, why cant routers be used as a swiches and APs?? Also i dont know what a NAT is. The network has been installed already, should we take it down? I really dont want to take things down as it will make me look stupid

 

We wont do individual ISPs, everything will run on one network as if its a single home. 

 

Its easy to change it so that every router connects to one unit at floor one, why is this better than connecting it in serie?

[dalekphalm]

6 minutes ago, Finalbarrage2 said:

You say an alternative is to use swiches in each appartment, why cant routers be used as a swiches and APs?? Also i dont know what a NAT is. The network has been installed already, should we take it down? I really dont want to take things down as it will make me look stupid

 

We wont do individual ISPs, everything will run on one network as if its a single home. 

 

Its easy to change it so that every router connects to one unit at floor one, why is this better than connecting it in serie?

NAT stands for Network Address Translation.

 

It's the thing that takes the single WAN (wide area network - eg: The Internet) IP Address your ISP gives you, and translates that into the many LAN (local area network) IP Addresses that each device has.

 

One of the primary functions of a "consumer" router is NAT (along with other things, such as a Firewall, a DHCP server so you don't have to configure static IP Addresses for every device, etc).

 

The difference between putting a Router vs a Switch + AP in every apartment is how they will be configured.

 

If you put a switch + AP in every apartment, they'll all be part of the same, big network. Configuration will be extremely simple, and there will be less worry about conflicts. The downside to this is lack of security or segmentation, since every tenant will be sharing one big network. If Tenant A accidentally downloads a network aware virus, he puts the rest of the tenants at risk. If Tenant B decides to torrent Game of Thrones, he might bring the rest of the network down to a crawl (This can still happen even with routers vs switches). Furthermore, each device, even in a different apartment, will be visible and potentially accessible to the other tenants.

 

This is generally a bad security practice.

 

Using Routers can provide a better setup, but requires additional/more complex configuration to do it properly:

1. You need to properly wire the Ethernet cables so as to NOT DAISY CHAIN THEM (You are daisy chaining them in the network diagram you created above). Daisy chaining them means Apt #3 at the top has to go through at least 3 routers before he hits the internet - THIS IS BAD. It can cause performance issues, but also will mess with applications, games, or other services that may rely on Port Forwarding (Allowing a port through the firewall).

 

You can also use routers in exactly the same way you'd use Switches + AP's, but just turn off the router features (Which leaves the router as a switch + integrated AP). The downside to this is added complexity, because you would need to know how to properly set the devices up and disable the proper features. Plus, not every router supports doing this in an easy way.

 

Ideally, you want to feed a direct internet connection to each apartment.

 

If you are getting internet from ComCast over Coaxial Cable, for example, you'd have the cable company install a cable line in each apartment. Then, the tenant would be responsible for calling ComCast and arranging their own internet (paying their own bill, providing their own modem - or getting it from ComCast, etc).

 

If you are going to use 3 different routers - one for each apartment, you're basically signing up to become their network administrator. Every little internet issue will be YOUR responsibility to troubleshoot, diagnose, and fix. You'll be responsible if Jim from Apartment #3 can't use Skype, or that Ted from Apartment #2 can't torrent Linux (A perfectly legal thing to do), etc.

 

Whatever savings you get in installation, you'll waste in your own time.

[Finalbarrage2]

Spoiler

 

Is this a better solution then? And if so, should there be a swich in floor 2 aswell?

[dalekphalm]

Just now, Finalbarrage2 said:

  Reveal hidden contents

 

Is this a better solution then? And if so, should there be a swich in floor 2 aswell?

As a tenant, that would be worse. I would be sharing my internet with other people. I would immediately go out and buy my own router to add a firewall and protection between myself and the other tenants.

 

But it depends on how shitty of an experience (and how easy it is to manage) you want to provide.

 

If you want to provide an easy to manage, but poor user experience solution, then go with the one you've just suggested. There is no need for a switch on Floor #2, as the Router can also act as a switch (assuming it has enough empty ports on it) - a standard consumer router will have 4x LAN ports. You'll be using 2x for the other switches, which will leave 2 ports for the tenant on the 2nd floor.

[Finalbarrage2]

Then what is the best solution if we only have 1 isp?

[Finalbarrage2]

I am able to refund 2 routers, we currently have 3. The cables are in plase, but rerouting them wont be too hard. We only have one ISP. What would then be the best solution if 1 router + 2 swiches isnt a good one?

[Donut417]

3 hours ago, Finalbarrage2 said:

I am able to refund 2 routers, we currently have 3. The cables are in plase, but rerouting them wont be too hard. We only have one ISP. What would then be the best solution if 1 router + 2 swiches isnt a good one?

Having the ISP install service to each unit is the best way. Not sure where you live. But if you live in the US, many ISP's have caps. Comcast my isp has a 1TB cap. How long do you think it will take for multiple families to blow thru that? Let me put that in perspective. I live with my parents, 3 people total in this house. We used almost 800 Gigs last month. So you going to pay shit tons of overages? What if a tenant wants faster speeds? What if there is an issue with the network or internet? You going to be available at all times of the day? Pretty sure I can call an ISP 24 hours a day and get some one. You going to be on 24 hour call if the internet goes down? 

 

Any time the use a multiple routers is used it make the internet experience shit in many cases. It doesn't matter if you use a switch. Any smart person will use a router at their end as a firewall. So, your setup any way you do it will fuck your tenants over. As stated above you will be putting every ones devices at risk and some one downloads a network aware virus. 

 

You keep saying you have 1 ISP. Yeah, many apartment buildings have 1 isp. That ISP wires up each unit. Simple. Each person calls up the ISP and orders service. For large buildings they generally will run fiber and a node to them. For small building like yours they will probably run 1 or more coax cables to the premises. 

[dalekphalm]

5 hours ago, Finalbarrage2 said:

I am able to refund 2 routers, we currently have 3. The cables are in plase, but rerouting them wont be too hard. We only have one ISP. What would then be the best solution if 1 router + 2 swiches isnt a good one?

Is there a particular reason you're dead set against having the ISP run service to each apartment unit? Having one ISP isn't the issue. Just have them run service ("lines") to each unit.

 

Have you explored this option yet, or are you dismissing it out of hand?

 

The reason I ask, is that it's the best solution, yet you've dismissed our suggestions without saying why you've dismissed them. I apologize if you've already explored this possibility, but it doesn't seem like it from what you've written so far.

[Finalbarrage2]

Just to answer a few questions, i live in norway, and there is no caps. We pay a flat fee every month and thats it, unlimited data but limited speed. 3 appartments, 150mbps, so even if 3 people downloads at the same time we still get 50mb each which is still not bad.

 

I dont know how pricing works in the US, but here its exponentially less depending on the subscribtion.. here, look at this

 

40mb 60$

80mb 72$

150mb 81$

300mb 93$

500mb 123$

1000mb 180$

 

Pluss establishing a new ISP will cost 150$ per unit.

 

So lets say we do this, and we all get the cheapest subscription, we pay 60 dollars each, and get 40mb/s. Combind that money and we get 1000mb/s for 180 dollars.

 

Still no datalimit, we can cap the bandwith for 30 days stright and all they can do is ask out of curiosity.

 

This is the reason we want everything on a single network. Btw also, its fiber. Dunno if that matters but i see you guys keep mentioning coax

[Finalbarrage2]

Mobile work the same but the other way around, fixed speed but amount of data depends on subscription.

[AshleyAshes]

5 hours ago, Finalbarrage2 said:

3 appartments, 150mbps, so even if 3 people downloads at the same time we still get 50mb each which is still not bad.

I don't think you quite understand how sharing a single internet connection, without QoS, works...

[dalekphalm]

5 hours ago, AshleyAshes said:

I don't think you quite understand how sharing a single internet connection, without QoS, works...

@Finalbarrage2 as mentioned, you basically would need to configure and manage the network, if you want your tenants to have a good experience. It's certainly doable, but not ideal, and could take up a lot of your time if issues arise.

 

You'd basically need to configure the primary router to have QoS enabled and have a hard limit of 50 Mbps for each user. The way you exactly do this depends on a lot of circumstances, but with a single router (and no additional AP's), it's basically impossible to do in an easy manner. You could easily segment QoS via ports:

Example - port one on the router goes to switch #1 for Apartment #1, they get 50 Mbps

Port two on the router goes to switch #2 for Apartment #2, they get 50 Mbps

Port three goes to switch #3 for Apartment #3, they also get 50 Mbps

 

But then you have WIFI traffic, and you have no idea which devices are from which tenant. The only way to properly control QoS via WIFI with a single AP, would be to mandate that all tenants register every WIFI device they have with you, so you can use MAC Addressing to filter and apply QoS. But that's a son-of-a-bitch pain in the ass for the tenant. If their GF comes over? Sorry sweetie, gotta register your MAC Address w/ the land lord - maybe they'll get back to us in a few days. Oh, you've already gone back to school 2 towns away by then? Welp, no WIFI for you.

 

That's assuming your tenant even knows what a MAC Address is, and that your router has a robust enough QoS engine to handle that.

 

Without QoS, if Jimmy from Apartment #3 starts torrenting a very popular torrent, he'll likely take all 150 Mbps to himself. And John from Apartment #1 tries to stream YouTube and it flat out fails, starts buffering at 480p, and he gets pissed at you the landlord because "I thought we had fast internet?".

 

You could accomplish QoS with four routers (Yes, 4, not 3), by having a primary router do QoS, disable WIFI, assign 50 Mbps per port (3 ports), each port feeds to a secondary router, which has it's own WIFI SSID that is for that specific apartment only. Each apartment gets their own WIFI.

 

But you're doing double-NAT, which is not good. Any application that they install that relies on UPnP (Universal Plug and Play - this is an automated method of doing port forwarding - which is opening ports to allow specialized traffic through the firewall and through NAT) simply won't work. UPnP will burrow through the first firewall and NAT on their local router, but will be totally unaware of the existence of the primary router.

 

Then there's regular port forwarding - which is a manual process. Assuming you gave them local admin access to their specific router (Terrible idea, considering the setup you want), they could configure port forwarding on their own router, but then they would still need to get you to configure port forwarding on the primary router too, unless you give tenants access to all the routers (even worse idea, especially since they could easily and instantly fuck the entire setup accidentally).

 

That means any time they want a port forwarded, they'll need to talk to you, and get you to do it on both the local router and the primary router - assuming you know how to configure such things.

 

This is why you should just pay the $150 per unit to install an ISP connection to each apartment.

 

And then just make your tenants pay for their own internet. Easy. Done. Yeah it's $450 as an up front cost ($150 per unit, 3 units), but how much is your time worth? Are you a network admin, or are you a landlord? You shouldn't be both unless you're already well versed in network topology and configurations, and are willing to spend way more time than you think will be necessary, fixing little problems you could have avoided.

 

Do you understand what we're getting at here? Not trying to attack you, just showing you why the proposed setup you want, can work, but shouldn't be done.

[AshleyAshes]

6 minutes ago, dalekphalm said:

This is why you should just pay the $150 per unit to install an ISP connection to each apartment.

Assuming the OP is a landlord, I'm honestly kinda baffled why he doesn't just leave the ISP connection up to the tenet.  But he's from another country from me so maybe arrangements are different there.  But for me, if I was renting actual full self-enclosed suites, even if it was one in the basement of my home, I'd just let the tenet pay for get their own internet service. It's a lot less headache and the only effort I'd have to do as landlord is to ensure the ISP's techs can access the grounds for installation.